WB 2.08.x

<?php

/*

 * FCKeditor - The text editor for Internet - http://www.fckeditor.net

 * Copyright (C) 2003-2009 Frederico Caldeira Knabben

 *

 * == BEGIN LICENSE ==

 *

 * Licensed under the terms of any of the following licenses at your

 * choice:

 *

 *  - GNU General Public License Version 2 or later (the "GPL")

 *    http://www.gnu.org/licenses/gpl.html

 *

 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")

 *    http://www.gnu.org/licenses/lgpl.html

 *

 *  - Mozilla Public License Version 1.1 or later (the "MPL")

 *    http://www.mozilla.org/MPL/MPL-1.1.html

 *

 * == END LICENSE ==

 *

 * Utility functions for the File Manager Connector for PHP.

 */

function RemoveFromStart( $sourceString, $charToRemove )

{

	$sPattern = '|^' . $charToRemove . '+|' ;

	return preg_replace( $sPattern, '', $sourceString ) ;

}

function RemoveFromEnd( $sourceString, $charToRemove )

{

	$sPattern = '|' . $charToRemove . '+$|' ;

	return preg_replace( $sPattern, '', $sourceString ) ;

}

function FindBadUtf8( $string )

{

	$regex =

	'([\x00-\x7F]'.

	'|[\xC2-\xDF][\x80-\xBF]'.

	'|\xE0[\xA0-\xBF][\x80-\xBF]'.

	'|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.

	'|\xED[\x80-\x9F][\x80-\xBF]'.

	'|\xF0[\x90-\xBF][\x80-\xBF]{2}'.

	'|[\xF1-\xF3][\x80-\xBF]{3}'.

	'|\xF4[\x80-\x8F][\x80-\xBF]{2}'.

	'|(.{1}))';

	while (preg_match('/'.$regex.'/S', $string, $matches)) {

		if ( isset($matches[2])) {

			return true;

		}

		$string = substr($string, strlen($matches[0]));

	}

	return false;

}

function ConvertToXmlAttribute( $value )

{

	if ( defined( 'PHP_OS' ) )

	{

		$os = PHP_OS ;

	}

	else

	{

		$os = php_uname() ;

	}

	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )

	{

		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;

	}

	else

	{

		return ( htmlspecialchars( $value ) ) ;

	}

}

/**

 * Check whether given extension is in html etensions list

 *

 * @param string $ext

 * @param array $htmlExtensions

 * @return boolean

 */

function IsHtmlExtension( $ext, $htmlExtensions )

{

	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )

	{

		return false ;

	}

	$lcaseHtmlExtensions = array() ;

	foreach ( $htmlExtensions as $key => $val )

	{

		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;

	}

	return in_array( $ext, $lcaseHtmlExtensions ) ;

}

/**

 * Detect HTML in the first KB to prevent against potential security issue with

 * IE/Safari/Opera file type auto detection bug.

 * Returns true if file contain insecure HTML code at the beginning.

 *

 * @param string $filePath absolute path to file

 * @return boolean

 */

function DetectHtml( $filePath )

{

	$fp = @fopen( $filePath, 'rb' ) ;

	//open_basedir restriction, see #1906

	if ( $fp === false || !flock( $fp, LOCK_SH ) )

	{

		return -1 ;

	}

	$chunk = fread( $fp, 1024 ) ;

	flock( $fp, LOCK_UN ) ;

	fclose( $fp ) ;

	$chunk = strtolower( $chunk ) ;

	if (!$chunk)

	{

		return false ;

	}

	$chunk = trim( $chunk ) ;

	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )

	{

		return true;

	}

	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;

	foreach( $tags as $tag )

	{

		if( false !== strpos( $chunk, $tag ) )

		{

			return true ;

		}

	}

	//type = javascript

	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )

	{

		return true ;

	}

	//href = javascript

	//src = javascript

	//data = javascript

	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )

	{

		return true ;

	}

	//url(javascript

	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )

	{

		return true ;

	}

	return false ;

}

/**

 * Check file content.

 * Currently this function validates only image files.

 * Returns false if file is invalid.

 *

 * @param string $filePath absolute path to file

 * @param string $extension file extension

 * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images

 * @return boolean

 */

function IsImageValid( $filePath, $extension )

{

	if (!@is_readable($filePath)) {

		return -1;

	}

	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');

	// version_compare is available since PHP4 >= 4.0.7

	if ( function_exists( 'version_compare' ) ) {

		$sCurrentVersion = phpversion();

		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {

			$imageCheckExtensions[] = "tiff";

			$imageCheckExtensions[] = "tif";

		}

		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {

			$imageCheckExtensions[] = "swc";

		}

		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {

			$imageCheckExtensions[] = "jpc";

			$imageCheckExtensions[] = "jp2";

			$imageCheckExtensions[] = "jpx";

			$imageCheckExtensions[] = "jb2";

			$imageCheckExtensions[] = "xbm";

			$imageCheckExtensions[] = "wbmp";

		}

	}

	if ( !in_array( $extension, $imageCheckExtensions ) ) {

		return true;

	}

	if ( @getimagesize( $filePath ) === false ) {

		return false ;

	}

	return true;

}

?>